[Git][security-tracker-team/security-tracker][master] buster triage

Moritz Muehlenhoff (@jmm) jmm at debian.org
Tue May 25 18:55:57 BST 2021



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5a10a508 by Moritz Muehlenhoff at 2021-05-25T19:55:35+02:00
buster triage

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -2035,6 +2035,7 @@ CVE-2021-32612
 	RESERVED
 CVE-2021-32611 (A NULL pointer dereference vulnerability exists in eXcall_api.c in Ant ...)
 	- libexosip2 <removed>
+	[buster] - libexosip2 <no-dsa> (Minor issue)
 	NOTE: http://git.savannah.nongnu.org/cgit/exosip.git/commit/?id=f2ed389fe84613512cc560127883e51e6cf8c054
 CVE-2021-32610
 	RESERVED
@@ -2326,6 +2327,7 @@ CVE-2021-32480
 	RESERVED
 CVE-2021-32563 (An issue was discovered in Thunar before 4.16.7 and 4.17.x before 4.17 ...)
 	- thunar 4.16.8-1 (bug #988394)
+	[buster] - thunar <no-dsa> (Minor issue)
 	NOTE: https://www.openwall.com/lists/oss-security/2021/05/09/2
 	NOTE: Fixed by: https://gitlab.xfce.org/xfce/thunar/-/commit/9165a61f95e43cc0b5abf9b98eee2818a0191e0b
 	NOTE: Regression fix: https://gitlab.xfce.org/xfce/thunar/-/commit/3b54d9d7dbd7fd16235e2141c43a7f18718f5664
@@ -2367,6 +2369,7 @@ CVE-2021-32490
 CVE-2021-3541
 	RESERVED
 	- libxml2 2.9.10+dfsg-6.7 (bug #988603)
+	[buster] - libxml2 <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1950515
 	NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/commit/8598060bacada41a0eb09d95c97744ff4e428f8e
 	NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/228 (currently private)
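Review bot: the added `[buster] - libxml2 <no-dsa> (Minor issue)` line sits on an entry that is still RESERVED with no description and whose upstream issue is noted as "currently private", so the entry itself gives no basis for the "Minor issue" call. Suggest replacing the generic reason with a specific one, or adding a NOTE that summarises the impact from the Red Hat bug already linked.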
@@ -3458,6 +3461,7 @@ CVE-2021-3532
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1956464
 CVE-2021-3531 (A flaw was found in the Red Hat Ceph Storage RGW in versions before 14 ...)
 	- ceph <unfixed> (bug #988890)
+	[buster] - ceph <no-dsa> (Minor issue)
 	[stretch] - ceph <not-affected> (Vulnerable code introduced later)
 	NOTE: https://www.openwall.com/lists/oss-security/2021/05/14/5
 	NOTE: Nautilus: https://github.com/ceph/ceph/commit/f44a8ae8aa27ecef69528db9aec220f12492810e
@@ -3668,6 +3672,7 @@ CVE-2021-3525
 	RESERVED
 CVE-2021-3524 (A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gate ...)
 	- ceph <unfixed> (bug #988889)
+	[buster] - ceph <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1951674
 	NOTE: Fixed by: https://github.com/ceph/ceph/commit/763aebb94678018f89427137ffbc0c5205b1edc1
 CVE-2021-3523
@@ -4111,6 +4116,7 @@ CVE-2021-31801
 	RESERVED
 CVE-2021-31800 (Multiple path traversal vulnerabilities exist in smbserver.py in Impac ...)
 	- impacket 0.9.22-2 (bug #988141)
+	[buster] - impacket <no-dsa> (Minor issue)
 	NOTE: https://github.com/SecureAuthCorp/impacket/commit/49c643bf66620646884ed141c94e5fdd85bcdd2f
 CVE-2021-31799
 	RESERVED
@@ -32382,6 +32388,7 @@ CVE-2021-20289 (A flaw was found in RESTEasy in all versions of RESTEasy up to 4
 	NOT-FOR-US: Keycloak
 CVE-2021-20288 (An authentication flaw was found in ceph in versions before 14.2.20. W ...)
 	- ceph 14.2.20-1 (bug #986974)
+	[buster] - ceph <no-dsa> (Minor issue)
 	NOTE: https://www.openwall.com/lists/oss-security/2021/04/14/2
 	NOTE: https://github.com/ceph/ceph/commit/059eabcc0ada81078a898cdc25cf72bf3d506ad0
 	NOTE: https://github.com/ceph/ceph/commit/05b3b6a305ddbb56cc53bbeadf5866db4d785f49
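Review bot: on the added `[buster] - ceph <no-dsa> (Minor issue)` line, the CVE description begins "An authentication flaw was found in ceph", and the generic "Minor issue" reason does not say why an authentication flaw is minor for buster. Suggest a more specific reason in the parentheses, or a NOTE recording the precondition that limits the impact, so the decision can be re-checked later without re-reading the oss-security post.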
@@ -48984,6 +48991,7 @@ CVE-2020-25724
 	RESERVED
 	- resteasy <unfixed>
 	- resteasy3.0 <unfixed>
+	[buster] - resteasy3.0 <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1899354 (lacks details ATM)
 CVE-2020-25723 (A reachable assertion issue was found in the USB EHCI emulation code o ...)
 	{DLA-2469-1}
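Review bot: the added `[buster] - resteasy3.0 <no-dsa> (Minor issue)` line covers only one of the two source packages this entry lists as `<unfixed>`; if `resteasy` is also shipped in buster it needs its own `[buster]` line, placed directly under `- resteasy <unfixed>`. The only reference is also annotated "lacks details ATM", so it is worth stating in the reason what the "Minor issue" assessment is based on.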


=====================================
data/dsa-needed.txt
=====================================
@@ -14,17 +14,23 @@ If needed, specify the release by adding a slash after the name of the source pa
 --
 condor
 --
+djvulibre
+--
 linux (carnil)
   Wait until more issues have piled up, though try to regulary rebase for point
   releases to more recent v4.19.y versions.
 --
 ndpi
 --
+nginx
+--
 jetty9
 --
 python-pysaml2 (jmm)
 --
 salt
 --
+squid
+--
 webkit2gtk
 --
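Review bot: the three added entries (`djvulibre`, `nginx`, `squid`) have no claimant and no note, and none of the data/CVE/list hunks in this commit touch those packages, so the change does not show which issues prompted them. Suggest an indented line under each entry naming the CVE(s) in question, in the same way the `linux (carnil)` entry records its plan.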



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5a10a508f1ce0cb2651f242fe75ed261ca6f08f9
